ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: fix bad-hmac in sw scheduler if async mode

Browse Source 
When IPsec async mode is enabled, packets don't pass through the tunnel
if ciphers other than AES GCM are used for child SAs. An error that
arises is "bad-hmac" in the "crypto-dispatch" node.

On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set
for the integrity crypto operation when it's not supposed to. It seems
that the flag remains from the previous operation.

With this change, zero flags of crypto operations in the SW scheduler
during operation filling.

Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c
This commit is contained in:
Alexander Chernavin
2020-12-28 04:29:13 -05:00
committed by Neale Ranns
parent 447d55b86c
commit 74b2a9b2c6
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/plugins/crypto_sw_scheduler/main.c
View File

@@ -255,6 +255,7 @@ crypto_sw_scheduler_convert_link_crypto (vlib_main_t * vm,
integ_op->digest = fe->digest;
integ_op->digest_len = digest_len;
integ_op->key_index = key->index_integ;
crypto_op->flags = integ_op->flags = 0;
if (is_enc)
crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV;
else